Lucene search

HpCVE-2011-4157

HistoryNov 16, 2011 - 4:55 p.m.

CVE-2011-4157

2011-11-1616:55:00

CWE-119

web.nvd.nist.gov

cve-2011-4157

san/iq

buffer overflow

remote execution

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

Low

EPSS

0.51

Percentile

97.6%

JSON

Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.

Affected configurations

Nvd

Node

hpcentralized_management_console_softwareRange≤9.0

hpcentralized_management_console_softwareMatch7.0.01sp1

hpcentralized_management_console_softwareMatch8.0

hpcentralized_management_console_softwareMatch8.1

hpcentralized_management_console_softwareMatch8.5

hpsan\/iqRange≤9.0

hpsan\/iqMatch8.0

hpsan\/iqMatch8.1

hpsan\/iqMatch8.5

AND

hpstorageworks_p4000_virtual_san_appliance

VendorProductVersionCPE
hpcentralized_management_console_software*cpe:2.3:a:hp:centralized_management_console_software:*:*:*:*:*:*:*:*
hpcentralized_management_console_software7.0.01cpe:2.3:a:hp:centralized_management_console_software:7.0.01:sp1:*:*:*:*:*:*
hpcentralized_management_console_software8.0cpe:2.3:a:hp:centralized_management_console_software:8.0:*:*:*:*:*:*:*
hpcentralized_management_console_software8.1cpe:2.3:a:hp:centralized_management_console_software:8.1:*:*:*:*:*:*:*
hpcentralized_management_console_software8.5cpe:2.3:a:hp:centralized_management_console_software:8.5:*:*:*:*:*:*:*
hpsan\/iq*cpe:2.3:a:hp:san\/iq:*:*:*:*:*:*:*:*
hpsan\/iq8.0cpe:2.3:a:hp:san\/iq:8.0:*:*:*:*:*:*:*
hpsan\/iq8.1cpe:2.3:a:hp:san\/iq:8.1:*:*:*:*:*:*:*
hpsan\/iq8.5cpe:2.3:a:hp:san\/iq:8.5:*:*:*:*:*:*:*
hpstorageworks_p4000_virtual_san_appliance*cpe:2.3:h:hp:storageworks_p4000_virtual_san_appliance:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	centralized_management_console_software	*	cpe:2.3:a:hp:centralized_management_console_software::::::::
hp	centralized_management_console_software	7.0.01	cpe:2.3:a:hp:centralized_management_console_software:7.0.01:sp1::::::
hp	centralized_management_console_software	8.0	cpe:2.3:a:hp:centralized_management_console_software:8.0:::::::*
hp	centralized_management_console_software	8.1	cpe:2.3:a:hp:centralized_management_console_software:8.1:::::::*
hp	centralized_management_console_software	8.5	cpe:2.3:a:hp:centralized_management_console_software:8.5:::::::*
hp	san\/iq	*	cpe:2.3:a:hp:san\/iq::::::::
hp	san\/iq	8.0	cpe:2.3:a:hp:san\/iq:8.0:::::::*
hp	san\/iq	8.1	cpe:2.3:a:hp:san\/iq:8.1:::::::*
hp	san\/iq	8.5	cpe:2.3:a:hp:san\/iq:8.5:::::::*
hp	storageworks_p4000_virtual_san_appliance	*	cpe:2.3:h:hp:storageworks_p4000_virtual_san_appliance::::::::

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03082086

www.securityfocus.com/bid/47005

www.securityfocus.com/bid/51042

www.zerodayinitiative.com/advisories/ZDI-11-111/

exchange.xforce.ibmcloud.com/vulnerabilities/71766

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

Low

EPSS

0.51

Percentile

97.6%

JSON

Related for CVE-2011-4157